Anonymous read access enabled - Anonymous push access (allowing image replacement) - No content trust / image signing enforcement - Registry exposed to the internet without authentication - Use of HTTP instead of HTTPS - Missing vulnerability scanning integration